mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
123 lines
3.7 KiB
JSON
123 lines
3.7 KiB
JSON
{
|
|
"id": "CVE-2022-40433",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2023-08-22T19:16:24.010",
|
|
"lastModified": "2023-12-01T21:15:07.527",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. Note: Vendor states that this to is Defense in Depth at most due to the nature of the issue and the special circumstances required (server must be running particular code locally, code compiled with an old, old version of javac, etc.)."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha descubierto un problema en la funci\u00f3n ciMethodBlocks::make_block_at de Oracle JDK (HotSpot VM) 11, 17 y OpenJDK (HotSpot VM) 8, 11, 17, que permite a los atacantes provocar una denegaci\u00f3n de servicio.\n"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 4.9,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.2,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:openjdk:7:update351:*:*:*:*:*:*",
|
|
"matchCriteriaId": "576F2D55-3079-45D0-A2E8-0D250A8F5BDE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:openjdk:8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FB165A22-A34A-478F-AF3A-483F649AE95D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:openjdk:17.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "778B9A45-E5EB-4B97-9989-AC221A577DCA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://bugs.openjdk.org/browse/JDK-8283441",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Issue Tracking",
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/openjdk/jdk11u-dev/pull/1183",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/openjdk/jdk13u-dev/pull/394",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/openjdk/jdk15u-dev/pull/261",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
}
|
|
]
|
|
} |